It should be noted that all of the apps attacked by this malware sample have to support for linking bank cards in order to make payments. However, the terms of some apps make it mandatory to link a bank card in order to use the service. As millions of Android users have these applications installed, the damage caused by Faketoken can be significant.

The threat of the Trojan does not end by stealing credentials, the malware is also capable of intercepting all incoming SMS texts, hide them from the victim, and transmit them to the attackers’ server. Thus, it transfers SMS messages that include payment confirmations to the criminals.

It is possible that this version of the Trojan is only a test version and not the final one due to the small number of attacks. The cybercriminals are most likely to improve the Trojan and spread it more widely.

At the moment, the Trojan targets mostly Russian users, but according to past practices, cybercriminals are likely to adopt each other’s ideas. So it shouldn’t take long to adapt the Trojan and use it to target other countries.[3]

About the author

Olivia Morelli
- Senior Media writer

Olivia Morelli is a senior media writer on Reviewedbypro.com. Her favorite topic to write about is ransomware attacks and how to deal with them, but she also enjoys covering the topics of other types of malware and VPNs.